Enforce Latest Configuration
| Plan | Platforms | MASVS |
|---|---|---|
| Enterprise | Android, iOS | Not mapped |
Overview
Enforce Latest Configuration requires the app to confirm its security policy is current before protected runtime controls are allowed to proceed. It is intended for apps where stale policy could create material risk, such as certificate pin updates, emergency control changes, fraud response changes, or regulated access requirements.
When enforcement is enabled and the latest policy cannot be verified, the app follows your configured response instead of continuing with an outdated policy.
When To Use It
Use this control when:
- Security policy changes must take effect before users continue.
- Certificate, attestation, or fraud controls may need emergency updates.
- Your app operates in a regulated or high-risk environment.
- The risk of running stale policy is higher than the risk of blocking startup during connectivity problems.
How It Works
At startup, the protected app contacts AppTego's policy service, verifies the response, compares it with the bundled policy, and applies the latest valid policy before enabling protected controls. If verification fails in enforce mode, the app uses the response you configured for this control.
Public documentation intentionally avoids publishing tenant-specific URLs, embedded key details, cryptographic material, or exact request formats. Those values are generated and managed by AppTego during build and deployment.
How to Enable the Control
In the AppTego portal, navigate to Device Settings and expand the App Lifecycle section, where you will find the Enforce Latest Configuration control. Click Enable to turn it on. The setting applies to the next build, or through a live push if live push is enabled.
API Configuration Example
```json
{
  "enforceNewVersion": true,
  "getNewVersion": true,
  "configuration": [
    {
      "EnforceNew": {
        "action": "kill",
        "title": "Security Update Required",
        "message": "Unable to verify the latest security settings. Please check your connection and relaunch the app.",
        "buttons": ["Exit"],
        "actions": ["kill"],
        "protection": true
      }
    }
  ]
}
```
| Field | Purpose |
|---|---|
| `enforceNewVersion` | Blocks startup until the latest policy is verified. |
| `getNewVersion` | Allows the app to check for policy updates. |
| `EnforceNew` | Configures the user-facing response when verification cannot complete. |
Operating Modes
| Mode | Behavior |
|---|---|
| Enforce enabled | The app must verify current policy before continuing. |
| Update enabled, enforce disabled | The app starts with cached or bundled policy and refreshes in the background. |
| Updates disabled | The app uses only the policy packaged into the protected build. |
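A pre-deployment check for this configuration, added here as an example and not AppTego's own code: it classifies a config into the operating modes above and reports settings that would leave users blocked without a usable response. The flag-to-mode mapping is inferred from the two tables. Treating enforcement without update checks as a misconfiguration, and `buttons`/`actions` as parallel lists, are assumptions, as are the function names.

```python
import json

# Constructed sample, mirroring the API Configuration Example on this page.
SAMPLE = """{
  "enforceNewVersion": true, "getNewVersion": true,
  "configuration": [{"EnforceNew": {
    "action": "kill", "title": "Security Update Required",
    "message": "Unable to verify the latest security settings.",
    "buttons": ["Exit"], "actions": ["kill"], "protection": true}}]
}"""


def operating_mode(cfg):
    """Map the two flags onto the Operating Modes table (inferred mapping)."""
    if cfg.get("enforceNewVersion") is True:
        return "Enforce enabled"
    if cfg.get("getNewVersion") is True:
        return "Update enabled, enforce disabled"
    return "Updates disabled"


def lint(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for key in ("enforceNewVersion", "getNewVersion"):
        if not isinstance(cfg.get(key, False), bool):
            findings.append(f"{key} must be a JSON boolean")
    enforce = cfg.get("enforceNewVersion") is True
    # Assumption: enforcement cannot verify anything if update checks are off.
    if enforce and cfg.get("getNewVersion") is not True:
        findings.append("enforceNewVersion is true but getNewVersion is not")
    responses = [e["EnforceNew"] for e in cfg.get("configuration", [])
                 if isinstance(e, dict) and isinstance(e.get("EnforceNew"), dict)]
    if enforce and not responses:
        findings.append("enforce mode has no EnforceNew response configured")
    for r in responses:
        if enforce and not (r.get("title") and r.get("message")):
            findings.append("EnforceNew needs a title and message for blocked users")
        # Assumption: buttons and actions are parallel lists.
        if len(r.get("buttons", [])) != len(r.get("actions", [])):
            findings.append("EnforceNew buttons and actions differ in length")
    return findings


if __name__ == "__main__":
    cfg = json.loads(SAMPLE)
    print(operating_mode(cfg), lint(cfg))
```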
Compatibility Notes
- Enforce mode introduces a startup dependency on network reachability and AppTego policy availability.
- Users in poor connectivity, airplane mode, captive portals, or restrictive corporate networks may be unable to proceed until connectivity is restored.
- For most apps, start with background updates before enabling hard startup enforcement.
- For high-risk apps, pair enforce mode with clear user messaging and a support path.